While some small business owners may not think of their business as being a target for cybercriminals – according to Manta, 87% of small business owners surveyed said they didn’t feel they were at risk of experiencing a data breach – a new report by Norton has revealed that not only are Australian SMBs more vulnerable to cyber threats, but they also stand to lose a lot more in a cyber attack than ever before.
Thankfully, however, the survey also reveals Australian SMBs are becoming more cybersecurity savvy – though there’s still room for improvement.
These are just some of the findings from the newly released Norton SMB Cyber Security Survey 2017, which surveyed over 1000 small-to-medium (1–20 employees) business owners and operators from around the country. This survey comes right on the heels of the introduction of the Australian Government’s Notifiable Data Breaches scheme last month, which obligates organisations to inform individuals whose personal information is involved in a data breach that is likely to result in serious harm. In light of this, it is more imperative than ever that SMBs do all they can to protect the data and preserve the privacy of their customers.
Here are some of the key takeaways from the Norton SMB Cyber Security Survey 2017.
Small business cyber threats are up
According to the survey, 1 in 4 Australian SMBs experienced a cyber attack in 2017, a figure that is up from 1 in 5 the previous year. This is in line with perceptions, with 25% of respondents noting an increase in cybersecurity threats felt by their business in the past 12 months.
The most prevalent type of cyber threat was email or phishing scams, experienced by 54% of SMBs who had suffered from cyber attacks. This figure was up from 52% in 2016. Also common were hacking attempts (36%) and ransomware scams (28%), though notably only 16% of those impacted by ransomware attacks had actually paid the ransom, compared to 34% in 2016. This may be because SMBs are taking more preventative cybersecurity measures, such as backing up their data on a regular basis.
If you believe these threats sound pretty familiar, you’d be right – these results reveal that cyber criminals stuck to tried-and-tested methods of infiltrating organisations in 2017. This provides some hope to SMBs in that they are facing known threats that can similarly be defended against with tried-and-tested measures.
The cost of cybercrime has risen sharply
One particularly alarming finding of the survey was that the cost of cybercrime rose sharply in 2017, costing Australian SMBs an average of $10,299. Compared to the 2016 figure of $6,591, this is a whopping increase of 56% in just 12 months, underlining just how crucial it is for SMBs to be highly diligent about cybersecurity.
The survey also underscored other impacts of cyber threats, with downtime emerging as the biggest at 39%. Indeed, over 1 in 3 SMBs said they wouldn’t survive a week without critical information.
“For the many Australian SMBs facing a resource crunch, the cost of cybercrime is not just financial. Cyber attacks have the potential to significantly affect how a business operates and how it is perceived by customers, particularly in the event of lengthy downtime or a data breach. In an environment where competition and customer expectations are high, cyber attacks have the power to cripple SMBs, regardless of industry,” said Mark Gorrie, Director of Norton Business Unit, Symantec Pacific Region.
SMBs are becoming more cybersecurity savvy (but more can be done)
As small business cyber threats loom large, it was heartening to see that SMBs were responding in kind and taking more measures to protect their information.
Australian SMBs, for example, reported backing up their data more frequently, with 32% now doing so continuously (up from 26% the previous year). They also reported that more company devices, including laptops, PCs, tablets and smartphones, became password protected in 2017 (80–88%, compared to just 72–82% in 2016).
SMBs signing up for internet security solutions also jumped 9% to 87% in 2017, though Norton notes this still leaves 13% of businesses in the highly vulnerable position of having no internet security solution.
Australian businesses are also winning back control of the devices within the pockets of their employees, with fewer operators having access to financial data from a mobile (36%) or personal device (46%) compared to those surveyed in 2016 (47% and 52% respectively).
While these figures are encouraging, they also show that SMBs could be doing more. Almost 1 in 5 SMBs back up their data no more than monthly, while at least 25% did not take any security measures when accessing public Wi-Fi. The survey also found 55% of SMBs had neither a formal security policy nor mandatory training in place.
“As the financial and operational impact of cyber attacks becomes harder for SMBs to ignore, business owners and operators are beginning to knuckle down and get the basics right – from using passwords, two-step verification and backup, to the more complex tasks of regulating access to company data. With the introduction of Australia’s new mandatory data breach disclosure laws, we expect more Australian SMBs will go from seeing cybersecurity as a ‘nice to have’ to a critical piece in securing the future success of their business,” said Gorrie.
Cybersecurity best practices
Norton recommends that small businesses take the following measures to protect themselves from cyber threats.
- Don’t wait until it’s too late: SMBs shouldn’t wait until they’ve been hit by a cyber attack to take security measures. The time to act is now.
- Invest in security and backup: Comprehensive security software solutions can dramatically reduce the risk of cyber attacks, while backup solutions can ensure valuable data isn’t lost. SMBs should also consider adding encryption as an extra layer of protection to devices, in case they are stolen.
- Keep up-to-date: All company devices, routers, operating systems, software and applications should be kept up to date, as updates often include patches that fix existing security vulnerabilities.
- Get employees involved: It’s important to ensure employees are educated about cybersecurity best practices so they become your best line of defence against cyber attacks, and not your weakest link.
- Get Wi-Fi-savvy: When using public Wi-Fi or unsecured networks, Norton recommends using a VPN so that all data is encrypted, and hackers are unable to eavesdrop on your activity or intercept confidential data.
- Use strong passwords: Norton recommends using unique passwords for all devices and business accounts, and changing passwords every 3 months. (If you have a lot of devices and accounts, password managers can be a particularly useful tool.)
- Consider adding a cyber insurance policy: That way you don’t need to worry about any potential financial losses stemming from cyber attacks.
As this survey reveals, having a stringent cybersecurity policy applies not just to larger organisations, but to small businesses too. Don’t be a statistic in next year’s survey – make sure you are taking measures to protect your business today.